Show message later

Hello everybody,
lately we are noticing that some messages are missing correctly forwarded to graylog. They are missing only in the first hours, then after we can correctly see them. It is not a definite time it changes from the times.
I read what I was able to find on the community, the time of server, graylog server and user in graylog are all the same. The message does not contain timestamps in date format, in fact the arrival time is correctly taken for those that work.

Do you know if I can do something?

Thanks in advance to everyone.

Yes, that’s normal problem when timestamps are saved in future. You can find them, if you use absolute time frame selector and select future date. Check also if your devices have already setup correct timezone.

https://docs.graylog.org/en/4.0/pages/searching/time_frame_selector.html#absolute-time-frame-selector

Hello,
Thanks for the reply.
However the problem is not the timestamp because all messages are logged only some are displayed later.

Is there any system job running? Do you have any ideas?

The message structure is also the same.

We fail to understand

graylog was clustered, by shutting down one of the two frontend servers (graylog only, no elastic and no mongodb) the messages are immediately displayed correctly.

Do you have any ideas?

Thanks everyone in advance

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.